October 11, 2011
Advanced persistent threats (APT) and targeted threats are a hot topic these days, but most speak about such attacks in the context of the military and national security. Last week, Rep. Mike Rogers, the Chairman of the House Permanent Select Committee on Intelligence, went on CNN (video here) to provide a picture of how targeted threats are affecting businesses in the U.S. and abroad.
Rep. Rogers is pushing for greater visibility into what he calls “purely commercial espionage” by China: specifically, the use of deliberate and targeted attacks to exfiltrate intellectual property and sensitive information from U.S. companies, to be used to create an unfair competitive advantage and undermine the performance of those companies. The ultimate aggregate effect of this industrial espionage would be to weaken the U.S. economy through lost jobs and lost corporate revenues.
Certainly, commercial organizations need to very quickly get their heads and hands around the problem of targeted attacks and their inability to shield themselves from these attacks. Rep. Rogers sums up the situation by saying: “There are two types of companies. Those who know they have been attacked, and those who don’t.”
For those of you on the commercial side who don’t get the subtlety of that remark, Rep. Rogers is saying you have been attacked. You just might not know it because your prevention tools have failed and will not detect such attacks, as described in the post “Making the Case for Rapid Detection and Response”.
The deliberate, persistent, and targeted threats from enemy nation-states are not just a matter for the military and the intelligence community. Every business and enterprise is a target. And the stakes are not small. Rep. Rogers tells the story of a company that had research stolen that represented an investment of $1B to that organization. Imagine investing for years in a product only to have it show up on the market before you launch it.
Luckily this problem is not new (at least to many of us) so there are products designed to detect the attacks that evade your defenses. You can become one of those companies that know they have been attacked, and have the actionable information needed to do something about it.
The first step is simple: recognize that you have the problem. Don’t get stuck thinking that you already have the tools in place to detect these attacks, because you don’t. And that is not your fault, nor does it mean that your investments in IT security were wasted. It just means that the world has changed and the threat has evolved, and now you must take the appropriate steps to counter that threat. You must look beyond the traditional shields and embrace the notion of rapid detection and response. You need a Plan “B” for security.
And the sooner the better.